Re: Applications Proxies

[Paul Robertson <proberts () patriot net>]

On Tue, 18 Dec 2001, Oscar Batyrbaev wrote:

> Hi,
> Does anybody know what percentage of the market various especially HTTP(s)
> Applications Proxies have? I.e. out of all web servers that sit behind a
> firewall say with port 80 open, what percentage of traffic goes thru
> Applications Proxies or software or appliances that regenerate IP packets
> before they reach the destination server?

Sorry, I don't have stats, but I'd like to point out (just in case you're
not aware) proxies are generally used to protect Web clients, not Web
servers.

Even in places where I've put in application layer gateways (and that
tends to be >99% of places I've firewalled) to protect the enterprise, I tend
to use filters for Web servers on the DMZ or service network.  It cuts down on
latency, support issues, and if there's a transport layer attack against your
Web servers, you're going to patch it quickly anyway- and those aren't all
that common compared to the set of successful attacks against Web servers
overall, and so far they've all been DoS attacks unless you happen to have
been running TCPDump on your Web server.


Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards